Why the humble router remains one of the most insecure devices in your home

For all the time that we spend thinking about the security of our phones and laptops — about encryption, strong passwords and two-factor authentication — comparatively little attention is paid to the humble internet router.

The tiny box is probably one of the most important pieces of technology you have in your home. It’s the one device through which all of your other devices connect to the internet. But despite being responsible for such an important task, most routers remain hidden away, rarely monitored and even more rarely updated — if their software is updated at all.

It’s why, for intelligence agencies and criminals alike, routers — plentiful and often insecure — are ever-increasing targets for attack.

“Once you target a router, you don’t just get access to one computer,” says Eva Blum-Dumontet, research officer for London, U.K.-based Privacy International. “You get access to any computer” or device that connects to the internet through that router, too.

Documents released by WikiLeaks this week that detail the breadth of CIA hacking tools underscore just how valuable that access is — and, according to privacy and security experts, how easy it is to get.

Security expert Katie Moussouris called routers “one of the biggest, most lush attack surfaces that we have.”

“This is a very dramatic problem,” said Blum-Dumontet. While our phones and laptops have gotten more secure, she explained, “We’re connecting to the internet through routers which are just literally, absolutely, atrocious in terms of security.”

‘It’s really child’s play’

The WikiLeaks archive details numerous tools and techniques the CIA can use to spy on smartphones and computers. It even describes turning a Samsung Smart TV into a covert listening device.

But there are also many pages devoted to finding and exploiting the numerous security holes in networking devices — common models of home and office routers that connect phones, laptops and smart TVs to each other, and to the wider internet, too.